2020-02-16 14:23:05 -07:00
|
|
|
Bastille
|
|
|
|
|
========
|
2019-12-07 17:48:06 -07:00
|
|
|
[Bastille](https://bastillebsd.org/) is an open-source system for automating
|
|
|
|
|
deployment and management of containerized applications on FreeBSD.
|
2018-04-06 13:40:48 -06:00
|
|
|
|
2023-10-10 19:51:10 -06:00
|
|
|
[Bastille Documentation](https://bastille.readthedocs.io/en/latest/)
|
2019-08-02 10:00:03 -06:00
|
|
|
|
2018-11-18 20:37:03 -07:00
|
|
|
Installation
|
2019-06-22 09:28:42 -06:00
|
|
|
============
|
2023-10-10 19:51:10 -06:00
|
|
|
Bastille is available for installation from the official FreeBSD ports tree.
|
2018-11-18 20:37:03 -07:00
|
|
|
|
2019-06-22 09:28:42 -06:00
|
|
|
**pkg**
|
|
|
|
|
```shell
|
2019-03-11 17:51:32 -06:00
|
|
|
pkg install bastille
|
|
|
|
|
```
|
2018-11-18 20:37:03 -07:00
|
|
|
|
2019-06-22 09:28:42 -06:00
|
|
|
**ports**
|
|
|
|
|
```shell
|
2019-11-22 21:59:11 -07:00
|
|
|
portsnap fetch auto
|
2019-06-22 09:28:42 -06:00
|
|
|
make -C /usr/ports/sysutils/bastille install clean
|
2018-11-18 20:37:03 -07:00
|
|
|
```
|
|
|
|
|
|
2020-02-16 14:23:05 -07:00
|
|
|
**Git** (bleeding edge / unstable -- primarily for developers)
|
2019-11-28 09:21:13 -07:00
|
|
|
```shell
|
2023-10-10 19:51:10 -06:00
|
|
|
git clone https://github.com/bastillebsd/bastille.git
|
2019-11-28 09:21:13 -07:00
|
|
|
cd bastille
|
|
|
|
|
make install
|
|
|
|
|
```
|
|
|
|
|
|
2019-11-23 13:50:55 -07:00
|
|
|
**enable at boot**
|
|
|
|
|
```shell
|
|
|
|
|
sysrc bastille_enable=YES
|
2023-10-10 19:51:10 -06:00
|
|
|
sysrc bastille_list="azkaban alcatraz" # (optional whitelist of jails to start at boot; default: ALL)
|
2019-11-23 13:50:55 -07:00
|
|
|
```
|
|
|
|
|
|
2018-11-07 10:36:54 -07:00
|
|
|
Basic Usage
|
|
|
|
|
-----------
|
2018-11-20 21:03:08 -07:00
|
|
|
```shell
|
2019-11-22 21:59:11 -07:00
|
|
|
Bastille is an open-source system for automating deployment and management of
|
|
|
|
|
containerized applications on FreeBSD.
|
|
|
|
|
|
2018-11-07 10:36:54 -07:00
|
|
|
Usage:
|
2023-03-23 23:14:39 +01:00
|
|
|
bastille command TARGET [args]
|
2018-11-07 10:36:54 -07:00
|
|
|
|
|
|
|
|
Available Commands:
|
2019-11-17 18:15:19 -04:00
|
|
|
bootstrap Bootstrap a FreeBSD release for container base.
|
2020-04-14 11:52:29 +02:00
|
|
|
clone Clone an existing container.
|
2019-11-17 18:15:19 -04:00
|
|
|
cmd Execute arbitrary command on targeted container(s).
|
2020-11-28 12:09:56 -05:00
|
|
|
config Get or set a config value for the targeted container(s).
|
2019-11-17 18:15:19 -04:00
|
|
|
console Console into a running container.
|
2023-03-23 23:14:39 +01:00
|
|
|
convert Convert a Thin container into a Thick container.
|
2019-11-17 18:15:19 -04:00
|
|
|
cp cp(1) files from host to targeted container(s).
|
2023-03-23 23:14:39 +01:00
|
|
|
create Create a new thin container or a thick container if -T|--thick option specified.
|
|
|
|
|
destroy Destroy a stopped container or a FreeBSD release.
|
2020-02-16 14:23:05 -07:00
|
|
|
edit Edit container configuration files (advanced).
|
2023-03-23 23:14:39 +01:00
|
|
|
export Exports a specified container.
|
|
|
|
|
help Help about any command.
|
2018-11-07 10:36:54 -07:00
|
|
|
htop Interactive process viewer (requires htop).
|
2023-03-23 23:14:39 +01:00
|
|
|
import Import a specified container.
|
2020-02-02 13:56:02 -07:00
|
|
|
limits Apply resources limits to targeted container(s). See rctl(8).
|
2023-03-23 23:14:39 +01:00
|
|
|
list List containers (running and stopped).
|
2020-05-23 18:35:00 -04:00
|
|
|
mount Mount a volume inside the targeted container(s).
|
2019-11-17 18:15:19 -04:00
|
|
|
pkg Manipulate binary packages within targeted container(s). See pkg(8).
|
2020-02-01 16:06:13 +00:00
|
|
|
rdr Redirect host port to container port.
|
2023-03-23 23:14:39 +01:00
|
|
|
rename Rename a container.
|
2019-11-17 18:15:19 -04:00
|
|
|
restart Restart a running container.
|
2019-11-22 21:59:11 -07:00
|
|
|
service Manage services within targeted container(s).
|
2023-10-10 19:51:10 -06:00
|
|
|
setup Attempt to auto-configure network, firewall and storage on new installs.
|
2019-11-17 18:15:19 -04:00
|
|
|
start Start a stopped container.
|
|
|
|
|
stop Stop a running container.
|
|
|
|
|
sysrc Safely edit rc files within targeted container(s).
|
2023-03-23 23:14:39 +01:00
|
|
|
tags Add or remove tags to targeted container(s).
|
|
|
|
|
template Apply file templates to targeted container(s).
|
2018-11-07 10:36:54 -07:00
|
|
|
top Display and update information about the top(1) cpu processes.
|
2020-05-23 18:35:00 -04:00
|
|
|
umount Unmount a volume from within the targeted container(s).
|
2019-11-17 18:15:19 -04:00
|
|
|
update Update container base -pX release.
|
|
|
|
|
upgrade Upgrade container release to X.Y-RELEASE.
|
2023-03-23 23:14:39 +01:00
|
|
|
verify Compare release against a "known good" index.
|
2020-11-27 19:20:47 -05:00
|
|
|
zfs Manage (get|set) ZFS attributes on targeted container(s).
|
2018-11-07 10:36:54 -07:00
|
|
|
|
|
|
|
|
Use "bastille -v|--version" for version information.
|
|
|
|
|
Use "bastille command -h|--help" for more information about a command.
|
2019-11-22 21:59:11 -07:00
|
|
|
|
2018-11-07 10:36:54 -07:00
|
|
|
```
|
|
|
|
|
|
2023-10-10 19:51:10 -06:00
|
|
|
## 0.10-beta
|
2019-11-22 21:59:11 -07:00
|
|
|
This document outlines the basic usage of the Bastille container management
|
2019-03-11 17:51:32 -06:00
|
|
|
framework. This release is still considered beta.
|
2018-04-07 14:57:48 -06:00
|
|
|
|
2023-10-10 19:51:10 -06:00
|
|
|
Setup Requirements
|
|
|
|
|
==================
|
|
|
|
|
Bastille can now (attempt) to configure the networking, firewall and storage
|
|
|
|
|
automatically. This feature is new since version 0.10.20231013.
|
2019-11-22 21:59:11 -07:00
|
|
|
|
2023-10-10 19:51:10 -06:00
|
|
|
**bastille setup**
|
2018-04-07 14:57:48 -06:00
|
|
|
|
|
|
|
|
```shell
|
2023-10-10 19:51:10 -06:00
|
|
|
ishmael ~ # bastille setup -h
|
|
|
|
|
ishmael ~ # Usage: bastille setup [pf|bastille0|zfs|vnet]
|
2018-11-07 10:36:54 -07:00
|
|
|
```
|
|
|
|
|
|
2023-10-10 19:51:10 -06:00
|
|
|
On fresh installations it is likely safe to run `bastille setup` with no
|
|
|
|
|
arguments. This will configure the firewall, the loopback interface and attempt
|
|
|
|
|
to determine ZFS vs UFS storage.
|
2018-04-07 14:57:48 -06:00
|
|
|
|
2023-10-10 19:51:10 -06:00
|
|
|
If you have an existing firewall, or customized network design, you may want to
|
|
|
|
|
run individual options; eg `bastille setup zfs` or `bastille setup vnet`.
|
2020-02-01 16:06:13 +00:00
|
|
|
|
2023-10-10 19:51:10 -06:00
|
|
|
Note: The `bastille setup` command can configure and enable PF but it does not
|
|
|
|
|
automatically reload the firewall. You will still need to manually `service pf
|
|
|
|
|
start`. At that point you'll likely be disconnected if configuring a remote
|
|
|
|
|
host. Simply reconnect the ssh session and continue.
|
2018-11-07 10:36:54 -07:00
|
|
|
|
|
|
|
|
This step only needs to be done once in order to prepare the host.
|
|
|
|
|
|
|
|
|
|
Example (create, start, console)
|
|
|
|
|
================================
|
2019-11-22 21:59:11 -07:00
|
|
|
This example creates, starts and consoles into the container.
|
2018-11-07 10:36:54 -07:00
|
|
|
|
|
|
|
|
```shell
|
2023-10-10 19:51:10 -06:00
|
|
|
ishmael ~ # bastille create alcatraz 13.2-RELEASE 10.17.89.10
|
2018-11-07 10:36:54 -07:00
|
|
|
```
|
|
|
|
|
|
|
|
|
|
```shell
|
|
|
|
|
ishmael ~ # bastille start alcatraz
|
|
|
|
|
[alcatraz]:
|
|
|
|
|
alcatraz: created
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
```shell
|
|
|
|
|
ishmael ~ # bastille console alcatraz
|
|
|
|
|
[alcatraz]:
|
2023-10-10 19:51:10 -06:00
|
|
|
FreeBSD 13.2-RELEASE-p4 GENERIC
|
2018-11-07 10:36:54 -07:00
|
|
|
|
|
|
|
|
Welcome to FreeBSD!
|
|
|
|
|
|
|
|
|
|
Release Notes, Errata: https://www.FreeBSD.org/releases/
|
|
|
|
|
Security Advisories: https://www.FreeBSD.org/security/
|
|
|
|
|
FreeBSD Handbook: https://www.FreeBSD.org/handbook/
|
|
|
|
|
FreeBSD FAQ: https://www.FreeBSD.org/faq/
|
2023-10-10 19:51:10 -06:00
|
|
|
Questions List: https://www.FreeBSD.org/lists/questions/
|
2018-11-07 10:36:54 -07:00
|
|
|
FreeBSD Forums: https://forums.FreeBSD.org/
|
|
|
|
|
|
|
|
|
|
Documents installed with the system are in the /usr/local/share/doc/freebsd/
|
|
|
|
|
directory, or can be installed later with: pkg install en-freebsd-doc
|
|
|
|
|
For other languages, replace "en" with a language code like de or fr.
|
|
|
|
|
|
|
|
|
|
Show the version of FreeBSD installed: freebsd-version ; uname -a
|
|
|
|
|
Please include that output and any error messages when posting questions.
|
|
|
|
|
Introduction to manual pages: man man
|
|
|
|
|
FreeBSD directory layout: man hier
|
|
|
|
|
|
2023-10-10 19:51:10 -06:00
|
|
|
To change this login announcement, see motd(5).
|
2018-11-07 10:36:54 -07:00
|
|
|
root@alcatraz:~ #
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
```shell
|
|
|
|
|
root@alcatraz:~ # ps -auxw
|
|
|
|
|
USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
|
|
|
|
|
root 83222 0.0 0.0 6412 2492 - IsJ 02:21 0:00.00 /usr/sbin/syslogd -ss
|
|
|
|
|
root 88531 0.0 0.0 6464 2508 - SsJ 02:21 0:00.01 /usr/sbin/cron -s
|
|
|
|
|
root 6587 0.0 0.0 6912 2788 3 R+J 02:42 0:00.00 ps -auxw
|
|
|
|
|
root 92441 0.0 0.0 6952 3024 3 IJ 02:21 0:00.00 login [pam] (login)
|
|
|
|
|
root 92565 0.0 0.0 7412 3756 3 SJ 02:21 0:00.01 -csh (csh)
|
|
|
|
|
root@alcatraz:~ #
|
|
|
|
|
```
|
|
|
|
|
|
2018-11-18 23:11:02 -07:00
|
|
|
Community Support
|
|
|
|
|
=================
|
|
|
|
|
If you've found a bug in Bastille, please submit it to the [Bastille Issue
|
|
|
|
|
Tracker](https://github.com/bastillebsd/bastille/issues/new).
|
